mbk-lab
/
nextcloud
2
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

fix password reset if encryption is enabled 

Signed-off-by: Bjoern Schiessle <bjoern@schiessle.org>
This commit is contained in:
Bjoern Schiessle 2016-12-08 11:38:23 +01:00
parent 74d1b0bada
commit 16bbd3fd7c
No known key found for this signature in database
GPG Key ID: 2378A753E2BF04F6
2 changed files with 46 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
core/Controller/LostController.php
View File

@ -30,6 +30,7 @@
namespace OC\Core\Controller; namespace OC\Core\Controller;
use OCA\Encryption\Exceptions\PrivateKeyMissingException;
use \OCP\AppFramework\Controller; use \OCP\AppFramework\Controller;
use \OCP\AppFramework\Http\TemplateResponse; use \OCP\AppFramework\Http\TemplateResponse;
use OCP\AppFramework\Utility\ITimeFactory; use OCP\AppFramework\Utility\ITimeFactory;
@ -154,7 +155,7 @@ class LostController extends Controller {
* @param string $userId * @param string $userId
* @throws \Exception * @throws \Exception
*/ */
private function checkPasswordResetToken($token, $userId) { protected function checkPasswordResetToken($token, $userId) {
$user = $this->userManager->get($userId); $user = $this->userManager->get($userId);
if($user === null) { if($user === null) {
throw new \Exception($this->l10n->t('Couldn\'t reset password because the token is invalid')); throw new \Exception($this->l10n->t('Couldn\'t reset password because the token is invalid'));
@ -241,6 +242,11 @@ class LostController extends Controller {
$this->config->deleteUserValue($userId, 'core', 'lostpassword'); $this->config->deleteUserValue($userId, 'core', 'lostpassword');
@\OC_User::unsetMagicInCookie(); @\OC_User::unsetMagicInCookie();
} catch (PrivateKeyMissingException $e) {
// in this case it is OK if we couldn't reset the users private key
// They chose explicitely to continue at the password reset dialog
// (see $proceed flag)
return $this->success();
} catch (\Exception $e){ } catch (\Exception $e){
return $this->error($e->getMessage()); return $this->error($e->getMessage());
} }

39
tests/Core/Controller/LostControllerTest.php
View File

@ -23,6 +23,7 @@ namespace Tests\Core\Controller;
use OC\Core\Controller\LostController; use OC\Core\Controller\LostController;
use OC\Mail\Message; use OC\Mail\Message;
use OCA\Encryption\Exceptions\PrivateKeyMissingException;
use OCP\AppFramework\Http\TemplateResponse; use OCP\AppFramework\Http\TemplateResponse;
use OCP\AppFramework\Utility\ITimeFactory; use OCP\AppFramework\Utility\ITimeFactory;
use OCP\Encryption\IManager; use OCP\Encryption\IManager;
@ -590,4 +591,42 @@ class LostControllerTest extends \Test\TestCase {
$this->assertSame($expectedResponse, $response); $this->assertSame($expectedResponse, $response);
} }
public function testSetPasswordEncryptionProceed() {
/** @var LostController | PHPUnit_Framework_MockObject_MockObject $lostController */
$lostController = $this->getMockBuilder(LostController::class)
->setConstructorArgs(
[
'Core',
$this->request,
$this->urlGenerator,
$this->userManager,
$this->defaults,
$this->l10n,
$this->config,
$this->secureRandom,
'lostpassword-noreply@localhost',
$this->encryptionManager,
$this->mailer,
$this->timeFactory,
$this->crypto
]
)->setMethods(['checkPasswordResetToken'])->getMock();
$lostController->expects($this->once())->method('checkPasswordResetToken')->willReturn(true);
$user = $this->createMock(IUser::class);
$user->method('setPassword')->willReturnCallback(
function() {
throw new PrivateKeyMissingException('user');
}
);
$this->userManager->method('get')->with('user')->willReturn($user);
$response = $lostController->setPassword('myToken', 'user', 'newpass', true);
$expectedResponse = ['status' => 'success'];
$this->assertSame($expectedResponse, $response);
}
} }